is not good enough
• Chaining exploits together improves both the likelihood of occurrence and the impact of successful exploitation
• This is called “vulnerability weaponization”
• You have to be able to “think outside the box” and be a little sadistic
Web Application Exploit Chaining

http://example.com/redirect.php?url=http://evil.attacker.com
browser plugin exploit == Malware drop on victim’s PC
+ OS priv escalation exploit == Hostile PC takeover and/or foothold into internal network
• If attack is targeted, the goal will be the latter (foothold)
• If attack is non-targeted, the goal will be the former (ransomware)
Exploit Chaining Example #1
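
The first link in this chain is the unvalidated `url` parameter of `redirect.php`. The Python sketch below is an added example, not code from the original slides: it shows the target check a redirect endpoint needs to break the chain at that step. `ALLOWED_HOSTS`, `FALLBACK` and both function names are assumptions made for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions for this example: the site's own hostnames and a safe default page.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
FALLBACK = "/"


def safe_redirect_target(raw: str) -> str:
    """Return raw if it is a local path or an allow-listed URL, else FALLBACK."""
    # Reject empty values, backslashes, whitespace and control characters:
    # browsers normalise these in ways that differ from server-side parsers.
    if not raw or "\\" in raw or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        return FALLBACK
    try:
        parts = urlsplit(raw)
    except ValueError:  # e.g. malformed IPv6 literal
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Relative target: only a single-slash rooted path stays on this site.
        return raw if raw.startswith("/") and not raw.startswith("//") else FALLBACK
    if parts.scheme not in ("http", "https"):
        return FALLBACK  # javascript:, data:, scheme-relative //host, ...
    if parts.username is not None or parts.password is not None:
        return FALLBACK  # https://example.com@other-host/ style confusion
    # Exact host match; suffix or substring checks accept example.com.other-host.
    return raw if (parts.hostname or "") in ALLOWED_HOSTS else FALLBACK


def resolve_redirect(request_url: str) -> str:
    """Location a redirect endpoint should send for a request like the slide's URL."""
    values = parse_qs(urlsplit(request_url).query).get("url", [])
    # Multiple url= values are ambiguous, so treat them as invalid.
    return safe_redirect_target(values[0]) if len(values) == 1 else FALLBACK
```
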

commonly frequented site
+ CSRF vulnerability in victim’s broadband router’s “mgmt web app” == Router take-over and/or foothold into internal network
• If attack is targeted, goal will be the latter (foothold)
• If attack is non-targeted, goal will be the former (use router for DDOS)
Exploit Chaining Example #2